| 1.1.1.3 Configure AAA Authentication - RADIUS if applicable | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.2.1 vty line authentication | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.31 Ensure that the --authorization-mode argument is set to Node | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.32 Ensure that the admission control policy is set to NodeRestriction | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.35 Ensure that the admission control policy is set to EventRateLimit | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.2.4 Ensure Exec Timeout for Console Sessions is set for less than 10 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.3.1 Pre-authentication Banner | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.3.5 Ensure that the --root-ca-file argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.5.3 Configure Netflow on Strategic Ports | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Configure a Time Zone | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.6.3 If a Local Time Zone is used, Configure Daylight Savings | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.6.4 Configure NTP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.7.1 Disable Power on Auto Provisioning (POAP) | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 Enable FIPS Mode | CIS Cisco NX-OS v1.2.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.9.3 Configure source interface for SNMP Traps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10 Use Dedicated "mgmt" Interface and VRF for Administrative Functions | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.3.2 Secure screen saver corners - top left corner | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.6.7 Monitor Location Services Access - evaluate application | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.7.5 iCloud Drive Desktop sync | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Pair the remote control infrared receiver if enabled | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 3.1.1.1 Configure EIGRP Authentication on all EIGRP Routing Devices | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.1.3 Configure EIGRP log-adjacency-changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2.3 Configure BGP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.4.2 Create and use a single Loopback Address for Routing Protocol Peering | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.4.3 Use Unicast Routing Protocols Only | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.4.4 Configure HSRP protections | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.1.1 Configure RA Guard | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.2 Configure Storm Control | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Configure CDP | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Basic Fiber Channel Configuration | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.6 Ensure Firewall is configured to log | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Disable Bonjour advertising service | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Ensure nfs server is not running | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.7 Password Age | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4 Use a separate timestamp for each user/tty combo | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.8 Do not enable the 'root' account - root account | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.10 Require a password to wake the computer from sleep or screen saver | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.20 System Integrity Protection status | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.2 Disable 'Show password hints' - Show password hints | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2 Turn on filename extensions | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.3 Computer Name Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.9 FileVault and Local Account Password Reset using AppleID | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 7.11 App Store Password Settings | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 7.12 Siri on macOS | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
